The protection of valuable assets is vital for government, private entities and individuals. Valuable assets are commonly protected by various access control systems to ensure that access to the assets is limited to authorized persons only. This includes protecting physical assets such as research labs with expensive equipment and file cabinets containing sensitive private information stored in the human resource department of a corporate office. Applications also include protecting electronic assets in the form of electronic data stored in computer and electronic systems. Access control systems use various authentication methods to control access to the physical and electronic assets. Typical authentication methods include passwords, tokens, access cards, biometrics, or other passcodes that ensure only authorized persons have access to the valuable assets.
Several problems arise when the authentication process malfunctions, such as when a user forgets a password, a token fails to work, or a biometric match fails. Furthermore, with respect to electronic data, stored encrypted data will be lost if the passcode is lost and the security system uses the passcode as an input for a data encryption algorithm or other secure transformation function. Users are encumbered with security features that require them to remember passwords, carry tokens, or utilize biometric features, so it is inevitable that such authentication methods regularly malfunction.
Existing authentication methods are vulnerable to misuse when a user attempts to recover a passcode after the authentication method fails to function, such as when the user forgets a password, has a malfunctioning token, or experiences a biometric match failure. For example, to reset a password the access control system must keep a record of the password in a database and send a copy to the user upon request. Alternatively, the access control system may establish a new random password and send a copy to the user. In both cases, the access control system knows the user's password. The password is thus vulnerable to disclosure to unauthorized users by means of attacks on the server, the database, or the copy sent to the user. The password is also vulnerable to disclosure through insider threats that look up or reset the password from within the access control system. Furthermore, stored encrypted data will be permanently lost if the security system used the password as an input to the encryption algorithm and the original password was not stored in backup. If the password was stored in backup, the user's stored encrypted data is instead susceptible to decryption by an unauthorized user with access to the stored password.
This invention provides a novel method allowing an authorized user access to controlled assets when a passcode method malfunctions, such as when a user forgets a password, a token malfunctions, or a biometric mismatch occurs. For example, the invention allows temporary access to an access control system without knowing the password and without sending the user the password or a new random password. The user is able to set a new password without knowing the previous password. Furthermore, stored encrypted data is preserved and made accessible once again via the new password. This invention works with many authentication methods, restoring access whether a password, token, access card, or biometric method is used.